New Session Created Randomly in Tomcat 5.0.28

Problem Description : 1. I have a typical JSP-Servlet web application running on tomcat 5.0.28. 2. After successful login a new session is created. (in login.jsp) and user specific data is kept in session 3. User moves on through the application . Accesses a JSP ( e.g. PageWithHeavyJavascript.jsp), JavaScript code. 4. After doing some selections etc. PageWithHeavyJavascript.jsp, user browses another JSP ( e.g. plain.jsp) which *does not* have any session related code. At this point *sometimes* a NEW session is created. (By implementing HttpSessionListener I observed that the sessionCreated() methos is getting called everytime and sessionDestoryed() method is never getting called) 5. After lot of debugging I have observed that this happens when lot of Javascript code is called through clicks etc. new session is created. I am unable to link lot of Javascript calls with New session getting created.

Has anybody faced the same problem? I would appreciate if you can shed some light on this issue... any hint/solution?

Except the Javascript, are you sure there's no other differences with other jsp pages ? Like including a file with contains some session related code. Maybe something buggy which checks if the user is logged in

I know that, at some point, there was a bug in MSIE that kept sessionIDs from being sent in popup windows, under certain conditions. A while back (probably a year or so ago), I found a Microsoft page that explained this and posted a link to it. Any call to your server that doesn't have session id could cause the server to create a new session.

hi nilesh iam also having the same problem. In my case also it is creating new session for each page. If you get any solution for this problem please share with me iam in very much need of it. thank you

Hi Nilesh/ Sai Priya, I am also getting the similar problem. My application is on apache/tomcat server. I have included multiple jsp's in my index.jsp, e.g. header, login, right_navigation etc.. When user logs in the application through the included login jsp, it creates a session. Strange thing is that when he clicks on the "Home" link available on the login.jsp, the same session is retained but when he click on the "Home" link available on the header.jsp, a new session is created. Session related code is only in the login.jsp.

Interestingly this code works fine in my local machine where I am using tomcat 5.0.28, but it shows above behaviour on the remote Apache server with multiple tomcat 5.0.28 instances.